- Add wrappers for PHYSFS_read and its convenience functions. Poison
the memory before calling PHYSFS, so that any uninitialized bytes
(likely caused by a short read) are reported if the caller tries to
access the value anyway.
- Add SConstruct options to enable wrapping, so that users do not need
to enumerate the wrapped functions manually.
- Fix link failure when using LTO+wrappers.
d2x::segment has all members of d1x::segment, as well as two new members
exclusive to d2x::segment. Structure layout is such that d1x::segment
requires the same size allocation, and places anonymous pad members in
the locations that become named members in d2x::segment. Thus, reusing
d2x::segment for d1x::segment does not change the size of the structure
nor the offsets of any members used. This reuse may enable some
functions to be better shared by the dsx project.
Future work will introduce uses of d1x/d2x in the other game when the
types can be usefully shared. Extend the anti-nesting guards to cover
mistakes that might arise when referring to the namespaces by their
real name, rather than the alias name dsx.
Instead of blacklisting two specific bad N_save_pof_names values, ignore
all N_save_pof_names that would overrun the Save_pof_names array.
This allows Rebirth to load broken levels such as "Hazard Zone"[1]. In
the case of Hazard Zone, the POF count is simply missing, so the first
two characters of the first POF name were taken as a count. This led to
a massive overrun of the Save_pof_names array.
[1]:
```
sha1sum hazard.msn hazard.rdl
25abe7ba1aca91f0bd09551e65cfadeabfcb73df hazard.msn
f5e6761b674b595550b27733fd83eeb2eff5e8f8 hazard.rdl
```
`value` is generic and unclear. It is always meant to be used as an
index into the Station array, so rename it `station_idx` to show this.
Define and consistently use `station_none` to represent that no station
is assigned.
Using precompiled headers includes vers_id.h into
similar/main/newdemo.cpp. gcc-4.9 reports a conflict between vers_id.h
`extern const char g_descent_build_datetime[21]` and newdemo.cpp macro
generated `extern const char g_descent_build_datetime[]`. The size is
only needed in the definition, so remove it from the declaration to
align with the macro-generated extern.
Delete stub "compiler-type_traits.h" header. Redirect all uses to the
standard <type_traits> header.
git grep -wlz 'compiler-type_traits.h' -- '*.cpp' '*.h' | xargs -0 perl -p -i <<EOF
BEGIN {
$i = 0;
}
if (($i == 1 && $_ eq "\n") || ($i < 2 && /^#include "/)) {
# First blank line or first user-include after a system-include.
# Print, then never again for this file.
print "#include <type_traits>\n";
$i = 2;
} elsif ($i == 0) {
$i = 1 if (/^#include </);
} elsif ($_ eq "#include \"compiler-type_traits.h\"\n") {
# Remove this line if found.
$_ = '';
}
# Reset state machine when moving to next file.
$i = 0 if eof;
EOF
All supported compilers have an acceptable <type_traits>. Commit
4cb3d46148 ("Move <type_traits> test to Cxx11RequiredFeature") made
<type_traits> support mandatory in August and no one has objected.
Remove the indirection and use namespace std directly for type_traits
members.
Early unification efforts missed this one because it was in gamemine.c
for Descent 1, but segment.c for Descent 2. Move it to gamemine.cpp for
both, so that it can be static for both games.
It is not meant to be included in every file. Starting in gcc-7, static
functions declared in valptridx.tcc generate -Wunused-function warnings
if the including file does not instantiate any templates that use the
static function. Avoid these warnings by including the tcc only in a
file that is guaranteed to instantiate templates that use these
functions.
gcc-7 warning -Wformat-truncation would be good to fix, but the compiler
does not offer an acceptable solution yet.
gcc-7 warning -Wimplicit-fallthrough requires more analysis of the
diagnosed sites to identify which, if any, require a resolution other
than suppressing the warning.
gcc-7 warns:
similar/main/mglobal.cpp:119:5: error: this use of "defined" may not be portable [-Werror=expansion-to-defined]
#if DXX_VALPTRIDX_ENABLE_FULL_TEMPLATE_INSTANTIATION
Fix this by using the long form of the definition.
gcc-6 issues a "used but never defined" warning for functions which are
declared, never defined, and used only in contexts which are later
deleted by the optimizer. If the function were actually used, the link
would fail. Switch to a complicated mechanism to define the function
while keeping it out of line so that __attribute__((__error__)) is
triggered as intended.
Previously, valptridx used PREFIX for allow-invalid+mutable, c#PREFIX
for allow-invalid+const, v#PREFIX for require-valid+mutable, vc#PREFIX
for require-valid+const. Convert the types, factories, and all usage
sites to specify a qualifier for all four combinations:
im#PREFIX -> allow-invalid+mutable
ic#PREFIX -> allow-invalid+const
vm#PREFIX -> require-valid+mutable
vc#PREFIX -> require-valid+const
Changes to common/include/valptridx.h and common/include/fwd-valptridx.h
are manual. All other changes are generated by:
git grep -lz -e '\(obj\|seg\|clwall\|wall\|actdoor\|trg\)\(ptridx\|ptr\|idx\)\(_t\)\?\>' | xargs -0 sed -i -e 's/\<\(v\?\)\(\(obj\|seg\|clwall\|wall\|actdoor\|trg\)\(ptridx\|ptr\|idx\)\(_t\)\?\)\>/\1m\2/g'
for the 'm' prefix and:
git grep -lz -e '\(obj\|seg\|clwall\|wall\|actdoor\|trg\)\(ptridx\|ptr\|idx\)\(_t\)\?\>' | xargs -0 sed -i -e 's/\<\([cm]\(obj\|seg\|clwall\|wall\|actdoor\|trg\)\(ptridx\|ptr\|idx\)\(_t\)\?\)\>/i&/g'
for the 'i' prefix.
Past releases had a debug-only assertion that 25 was sufficient, but
then dynamically allocated enough storage for larger models as needed.
Commit 22a34809ee ("Move interpreter g3s_lrgb onto stack") added a
hard limit of 25, but did not detect attempts to exceed this. Custom
models that exceeded 25 would cause a stack buffer overwrite and likely
crash. Raise the limit to 64 and add sanity checking to refuse to
render models that exceed MAX_POINTS_PER_POLY.
Fixes: 22a34809ee ("Move interpreter g3s_lrgb onto stack")
Disable gcc's -Wformat-nonliteral for this one call since unchecked
format strings are (1) under the user's control, (2) unable to cause
problems, and (3) very difficult to fully support with the warning
enabled.
Reported-by: parkerlreed <https://github.com/dxx-rebirth/dxx-rebirth/issues/338>
For switch cases where existing comments or code flow logic obviously
intended to fall through, add a gcc-7 /*-fallthrough*/ comment to
silence warnings about this. Some cases which are less obvious are not
converted, so the code does not yet compile clean with
-Wimplicit-fallthrough.
Reported-by: parkerlreed <https://github.com/dxx-rebirth/dxx-rebirth/issues/338>
Compile time sanity checks are built on gcc's __builtin_constant_p.
This intrinsic is useful for optimization and for some simple forms of
compile-time checks (such as the infamous open(2) missing mode), but
upstream does not guarantee that it will work reliably for more
complicated checks. Starting in gcc-7.1, __builtin_constant_p returns
an incorrect result of true for the vm_vec_sub expression
`(a.x == b.x && a.y == b.y && a.z == b.z)`
even when the blamed sites clearly cannot prove that the inputs are
equal. The useful result would be to return true if, and only if, the
inputs were provably identical; inputs which might be identical at
runtime, or might not, would return false. Based on a bug filed with
gcc and the developer comments there, it appears many projects have
assumed this intrinsic is usable in this way, but the gcc developers do
not guarantee that it can be used this way. Additionally, they believe
affected projects are rare and were wrong to use this intrinsic, so they
have no plans to fix this regression.
For more details, see gcc bug #72785
<https://gcc.gnu.org/bugzilla/show_bug.cgi?id=72785>. For some more
pointed commentary on this change in gcc, see Linus' kernel commit
474c90156c8dcc2fa815e6716cc9394d7930cb9c
<https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=474c90156c8dcc2fa815e6716cc9394d7930cb9c>.
Update the SConf test to include the reproducer shown by Markus
Trippelsdorf in gcc bug #72785, comment #0. This reproducer compiles
cleanly on <gcc-7, causing no change in semantics on older compilers.
Affected versions of gcc-7 will miscompile this reproducer into a link
error, causing SConf to record that the compiler does not optimize
__builtin_constant_p. This is pessimistic, since even affected versions
of gcc-7 can handle some simple uses of __builtin_constant_p correctly.
This is a quick fix to get gcc-7 users working. Upstream seems
disinclined to revert to the more useful semantics of <gcc-7 or to
introduce an alternative intrinsic with more helpful semantics. As a
minor enhancement for Rebirth, it would be nice to probe the limits of
gcc-7's handling of __builtin_constant_p so that cases it handles
correctly could be enabled for gcc-7 users, while still blacklisting the
more complicated checks that gcc-7 miscompiles.
Thanks to Markus Trippelsdorf for providing a minimal reproducer to
detect the affected gcc versions.
Reported-by: parkerlreed <https://github.com/dxx-rebirth/dxx-rebirth/issues/337>
The dump logger probes for the end of the stack, then rounds down to the
nearest paragraph boundary to simplify the logic in the hexdump routine.
The termination condition in the hexdump code assumed that there would
exist an integer N such that (`start` + (16 * N) == `end`). Since `end`
is rounded to a multiple of 16, this held if and only if `start` is also
a multiple of 16. In practice, this tended to happen, but it was not
guaranteed by the code. If it ever failed to happen, then the hexdump
routine would not terminate and would instead perform an invalid read
beyond the edge of the stack.
Modify the hexdump routine to round `start` to a multiple of 16 so that
the termination condition works as intended. This has the useful side
effect that hex dumps now always start paragraph aligned. When the
stack was not paragraph aligned, this change will cause the hexdump to
show bytes below the stack pointer at the time of the fault. However,
the stack requirements of the handler itself ensure that these bytes
will be valid.
